Can AWS Glue connect to Elasticsearch using IAM authentication?

Posted 2025-01-28 18:14:34 · 371 characters · 3 views · 0 comments

Followed this tutorial: https://docs.aws.amazon.com/glue/latest/ug/tutorial-elastisearch-connector.html

I know using this connector can connect to AWS Elasticsearch, but this still needs AWS Secrets Manager to store the username and password.

Is it possible to use IAM authentication to connect to Elasticsearch, rather than username & password?

Comments (2)

眼中杀气 2025-02-04 18:14:34

is it possible to use IAM authentication

No, unfortunately.

The Elasticsearch Connector for AWS Glue does not currently support IAM authentication & only supports username and password as an authentication mechanism.

贵在坚持 2025-02-04 18:14:34

After 2 years, this probably is not relevant anymore, but I'm adding this just in case someone might find this question, like I did, in search of answers.
Ermiya's comment is accurate, in the sense that no connector allows the developer to specify that IAM authentication should be used instead of username/password or a Secrets Manager entry.
However, the password field used by the connector doesn't really care much about what you send there, as long as it is an acceptable value expected by the target resource.

You can follow these steps:

  • Configure your connector as usual. Use a dummy value for the password.
  • Obtain a token using the standard API from boto.
  • Replace the password field value with the obtained token.
  • Connect as usual.

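In my case, connecting to RDS Postgres, I did this in my Glue script:

import boto3

# dbHostName, port, dbUserName and region are defined elsewhere in the script
session = boto3.Session()
client = session.client('rds')

# Generate a short-lived IAM auth token to use in place of the password
token = client.generate_db_auth_token(DBHostname=dbHostName, Port=port, DBUsername=dbUserName, Region=region)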

and then, I modified the connection options:

RelationalDB_node1721742353390 = glueContext.create_dynamic_frame.from_options(
    connection_type = "postgresql",
    connection_options = {
        "useConnectionProperties": "true",
        "dbtable": "users",
        "connectionName": "Aurora connection",
        "url" : "jdbc:postgresql://the-cluster-main.aaaaaaaaa.us-east-1.rds.amazonaws.com:5432/main?ssl=true",
        "user": "data_replication",
        "password": token
    },
    transformation_ctx = "RelationalDB_node1721742353390"
)

This works perfectly. Of course, it is not a solution if you want to use the visual environment. For that, the solution is also possible:

Create a wrapper for the connector you want to use, implementing the main interface (JDBC in my case) and pack it as a custom connector. In this code, you replace the password with the token obtained from IAM and you can use the connector in the visual environment just fine.
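
The steps in the answer above as an added example (not part of the original answer or of any AWS code): RDS IAM auth tokens are valid for 15 minutes, so a long-running Glue job should fetch the password immediately before each connect instead of once at startup. `IamPassword`, `connection_options`, `MIN_REMAINING` and the `FakeRdsClient` stub are hypothetical names; in a real job pass `boto3.client("rds")` in place of the stub.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

MIN_REMAINING = timedelta(minutes=2)  # assumed safety margin before expiry

def token_expiry(token):
    """Return the UTC expiry time encoded in an RDS IAM auth token."""
    # The token is a SigV4-presigned URL without a scheme: host:port/?Action=connect&...
    query = parse_qs(urlsplit("https://" + token).query)
    issued = datetime.strptime(query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    return issued.replace(tzinfo=timezone.utc) + timedelta(seconds=int(query["X-Amz-Expires"][0]))

class IamPassword:
    """Hypothetical helper: caches the token and regenerates it near expiry."""
    def __init__(self, rds_client, host, port, user, region):
        self._client = rds_client
        self._args = dict(DBHostname=host, Port=port, DBUsername=user, Region=region)
        self._token = None

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self._token is None or token_expiry(self._token) - now < MIN_REMAINING:
            self._token = self._client.generate_db_auth_token(**self._args)
        return self._token

    def __repr__(self):
        return "IamPassword(<redacted>)"  # keep the credential out of logs

def connection_options(password, host, port, database, table, user, now=None):
    """Build Glue JDBC options; call this right before each read or write."""
    return {
        "url": f"jdbc:postgresql://{host}:{port}/{database}?ssl=true",  # TLS on, as in the answer
        "dbtable": table,
        "user": user,
        "password": password.get(now),
    }

class FakeRdsClient:
    """Constructed stand-in for boto3.client('rds'); emits token-shaped strings."""
    def __init__(self, now):
        self.now, self.calls = now, 0

    def generate_db_auth_token(self, DBHostname, Port, DBUsername, Region):
        self.calls += 1
        return (f"{DBHostname}:{Port}/?Action=connect&DBUser={DBUsername}"
                f"&X-Amz-Date={self.now:%Y%m%dT%H%M%SZ}&X-Amz-Expires=900&X-Amz-Signature=constructed")

if __name__ == "__main__":
    pw = IamPassword(FakeRdsClient(datetime.now(timezone.utc)), "db.example.internal", 5432, "data_replication", "us-east-1")
    print(pw, token_expiry(pw.get()))
```

Pass the returned dictionary as `connection_options` to `glueContext.create_dynamic_frame.from_options`, as in the answer's script.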
